Confidentiality we use: Encryption for data at rest (for instance AES256), full disk encryption.
Secure transport protocols for data in motion. (SSL, TLS or IPSEC). Best practices for data in use -
clean desk, no shoulder surfing, screen view angle protector, PC locking (automatic and when
leaving).Strong passwords, multi factor authentication, masking, access control, need-to-know, least
privilege. Threats: Attacks on your encryption (cryptanalysis). Social engineering. Keyloggers
(software/hardware), cameras, Steganography. Man-in-the-middle attacks.